Spider-Man hacker uses Apple Vision Pro to release hundreds of VR spiders

A well-known security researcher who has been finding bugs in Apple products for quite some time has uncovered what may be the most literal bug exploit yet: filling the virtual workspace of Apple Vision Pro users with hundreds of lifelike spiders. The exploit, which could be executed remotely and did not require user permission, was fixed by a recent Apple security update.

Apple described the vulnerability as a logic issue with WebKit that could cause web content to be processed in a way that “may result in a denial of service.” In reality, CVE-2024-27812 was much, much worse if the thought of spiders overrunning your workstation terrifies you.


Everything you need to know about the world’s first spatial computing attack

Ryan Pickren, best known for discovering a series of zero-day vulnerabilities in Safari that led to remote takeover of iPhone and Mac cameras, called this latest discovery the world’s first spatial computing hack.

Now that Apple has closed the vulnerability and concluded negotiations on the bounty, Pickren has published a detailed report on the spider-generating vulnerability and demonstrated how easily it can be exploited.

The vulnerability itself was in Safari for visionOS, the operating system used by Apple’s Vision Pro virtual reality headset. By exploiting it, a malicious website could bypass user permission warnings and fill a room with any number of fully animated 3D objects. Pickren chose spiders and bats to demonstrate the hack. It is creepy for anyone who is afraid of spiders or bats, but also because the animated objects placed in the virtual room persisted even after the user quit Safari.

On Pickren’s website, you can watch videos of the spider invasion in full swing, as well as bats occupying an office space.

Instant Spiders enabled by old WebKit technology

The hack itself is relatively simple, as it exploits a vulnerability that undermines the privacy protections for shared personal spaces on Vision Pro. “If an app wants a more immersive experience, it must obtain explicit permission from the user via an OS-level prompt that puts it in a trusted ‘full space’ context,” Pickren explained. Apple also introduced an experimental feature to enable support for WebXR in visionOS WebKit, which came with a newly created full-space permission model for the web context, so that the user had to grant permission manually via a Safari popup before 3D objects could be created in that space. This is to be expected from a privacy perspective; after all, this is Apple we’re talking about.


However, Pickren said that Apple appeared to have overlooked a 2018 web-based standard for viewing 3D models, Apple ARKit Quick Look. Worryingly, the features enabled by this standard worked out of the box and therefore did not require the experimental feature to be activated. Because Safari applied no permission model to this standard, and did not require the user to click a link, it could be exploited remotely without user interaction. “If the victim simply looks at our website in Vision Pro,” Pickren explained, “we can instantly fill their room with hundreds of crawling spiders and screeching bats! Scary stuff.”
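As an added illustration (not from this article or from Pickren’s write-up), a small JavaScript check of the kind a web proxy or content filter could run to flag markup that hands a 3D model to AR Quick Look. It assumes the standard’s `rel="ar"` anchor and `.usdz`/`.reality` model files, and scans raw HTML with regular expressions rather than a DOM parser.

```javascript
// Added example, not code from the article or from the researcher.
// Assumption: AR Quick Look is invoked by an <a rel="ar"> anchor whose href
// points at a USDZ or Reality model file. The markup is scanned as raw text
// (as a proxy or CI check would), so regexes stand in for a full HTML parser.
const AR_MODEL_EXT = /\.(usdz|reality)(?:[?#]|$)/i;

// Collect the attribute string of every <a ...> opening tag in the markup.
function anchorTags(html) {
  const tags = [];
  const re = /<a\b([^>]*)>/gi;
  let m;
  while ((m = re.exec(html)) !== null) tags.push(m[1]);
  return tags;
}

// Read one attribute value (double-quoted, single-quoted or bare) from an
// attribute string; returns null when the attribute is absent.
function attr(attrs, name) {
  const re = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return the hrefs of anchors that would open a model in AR Quick Look:
// either rel lists "ar", or the href ends in a recognised model extension.
function findArQuickLookLinks(html) {
  const hits = [];
  for (const attrs of anchorTags(html)) {
    const rel = (attr(attrs, 'rel') || '').toLowerCase().split(/\s+/);
    const href = attr(attrs, 'href') || '';
    if (rel.includes('ar') || AR_MODEL_EXT.test(href)) hits.push(href);
  }
  return hits;
}

// Constructed sample page: one ordinary link and two model links.
const SAMPLE_HTML = `
<html><body>
<a href="/about.html">About</a>
<a rel="ar" href="/models/spider.usdz"><img src="/spider.png"></a>
<a href='/models/bat.reality?v=2'>bat</a>
</body></html>`;

// findArQuickLookLinks(SAMPLE_HTML) returns
// ['/models/spider.usdz', '/models/bat.reality?v=2']
```

A hit only means the page can request a model; on patched visionOS that request is subject to the user prompt, so the check is a triage signal, not proof of abuse.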

The scariest thing about this hack for me was that closing Safari didn’t stop the virtual spider infestation, and the only way to get rid of them was to “manually run around the room and physically tap each one.”
